Insights
Publications

hiQ’s Groundbreaking Injunction Against LinkedIn Reaffirmed: Scraping of Publicly Available Data Likely Does Not Violate CFAA

April 26, 2022

The U.S. Court of Appeals for the Ninth Circuit has affirmed its prior decision, holding that LinkedIn could not block hiQ, a scraping entity, from scraping public LinkedIn profiles. The court found it was unlikely that hiQ had violated the Computer Fraud and Abuse Act (CFAA), which is commonly understood to be an anti-hacking law. However, this opinion is only limited to publicly available information. Meaning, a scraping company could still be liable under the CFAA if it is scraping information from a website that requires authorization or access permission, such as password authentication. 

Additionally, the court noted that data aggregators could bring other, non-CFAA claims, against scraping entities even when those companies are scraping public information, such as breach of contract and copyright infringement claims. Thus, data scraping law is very nuanced and still in its early stages, making the guidance of counsel especially important before starting a data scraping business or cutting off access to data scrapers.

Farella Braun + Martel represented hiQ in obtaining the preliminary injunction and through its first appeal to the Ninth Circuit.

The Court’s Analysis

After the Ninth Circuit affirmed the preliminary injunction in 2019, LinkedIn filed a petition for writ of certiorari with the Supreme Court of the United States. The Supreme Court vacated the decision and remanded the case to the Ninth Circuit for further consideration in light of its decision in Van Buren v. United States, 141 S. Ct. 1648 (2021), a case concerning application of the Computer Fraud and Abuse Act (CFAA) in the criminal context. The Ninth Circuit once again affirmed the underlying hiQ Labs decision, largely mirroring its earlier analysis.

To obtain a preliminary injunction, a plaintiff must show that they are likely to succeed on the merits, likely to suffer irreparable harm in the absence of preliminary relief, the balance of equities tips in their favor, and an injunction is in the public interest. 

The Ninth Circuit found credible hiQ’s assertion that the survival of its business is threatened absent an injunction prohibiting LinkedIn from blocking hiQ from scraping publicly available information from LinkedIn’s website. Similarly, the balance of equities tipped “sharply” toward hiQ, given that LinkedIn’s interest in preventing data collection was outweighed by hiQ’s interest in continuing its business. Importantly, the court also determined that there was a strong public interest in preventing companies like LinkedIn from becoming “information monopolies” who could otherwise decide, on any basis, who can collect and use publicly available data.

The remainder of the Ninth Circuit’s decision explored how hiQ raised “serious questions” that supported its likelihood of success on the merits of its intentional interference with contract claim against LinkedIn. With respect to LinkedIn’s “legitimate business purpose” defense to this claim, the Ninth Circuit determined, inter alia, that hiQ’s interest in fulfilling its contracts with the customers of its data analytics products and services is stronger than LinkedIn’s comparatively weak “interest in protecting its members’ data and the investment made in developing its platform” and “enforcing its User Agreements’ prohibitions on automated scraping.”

The court also rejected LinkedIn’s further argument that blocking hiQ from scraping publicly available data was justified because such scraping violated the CFAA, 18 U.S.C. § 1030, which outlaws intentional access to a computer to obtain information “without authorization” from that protected computer (here, the LinkedIn servers would be the “protected computer”). Once again, the court agreed that hiQ had at least raised a “serious question” that its activities did not run afoul of the CFAA because LinkedIn’s information was accessible to the general public, and so data miners like hiQ were not accessing those servers “without authorization.”

The court explained that Congress created the CFAA with “hacking” and “breaking and entering” in mind, contemplating the existence of three kinds of computer system accessibility:

  1. access is open to the general public and permission is not required,
  2. authorization is required and has been given, and
  3. authorization is required but has not been given.

According to the Ninth Circuit, where information like a public LinkedIn profile is “available to anyone with an internet connection,” it falls under the first category, and thus the idea that anybody, including scraper entities, can access this information “without authorization” is “inapt.” The court added that Van Buren’s “gates-up-or-down inquiry”—“one either can or cannot access a computer system, and one either can or cannot access certain areas within the system”—is akin to categories (2) and (3). It held that Van Buren thus reinforces its conclusion “that the concept of ‘without authorization’ does not apply to public websites.”

Takeaways

Large data aggregators should not rely on the CFAA when bringing claims against scrapers of their publicly accessible data, or when defending against claims brought by those scrapers when the aggregators take measures to restrict access to the data. However, while the court closed one gate, it left several others open. In fact, it reminded readers that other causes of action including state law trespass to chattels, copyright infringement, misappropriation, unjust enrichment, conversion, breach of contract, or breach of privacy may still apply to such scraping activities. Indeed, plaintiffs in data scraping lawsuits routinely include such claims in their complaints. 

Firm Highlights

News

Big Tech Breathes Sigh of Relief After Justices' Terror Rulings

Erik Olson spoke to Law360 for the article "Big Tech Breathes Sigh of Relief After Justices' Terror Rulings," covering the U.S. Supreme Court's decision not to review whether Section 230 insulates online platforms from...

Read More
Publication

New Laws and Compliance Updates for California Employers in 2023

California has passed several new or amended employment laws covering topics ranging from off-duty marijuana use, reproductive rights, California Family Rights Act, COVID-19, criminal law and the workplace, new avenues of enforcement against employers...

Read More
Publication

How Companies Can Stop Trade Secret Disclosure in California

When an executive, founder, or employee with access to trade secrets or confidential information leaves a company to work elsewhere, employer trade secrets might be used by a competitor. Under two laws, California’s Uniform...

Read More
News

Legal experts say Google, Twitter and other tech companies dodged a bullet at the Supreme Court

Erik Olson spoke to Silicon Valley Business Journal for the article "Legal experts say Google, Twitter and other tech companies dodged a bullet at the Supreme Court." The Supreme Court avoided taking a stand...

Read More
Publication

What Recent Rulings in 'hiQ v. LinkedIn' and Other Cases Say About the Legality of Data Scraping

LinkedIn obtained a permanent injunction on Dec. 6 in its six-year-old lawsuit against data scraping company hiQ Labs, which LinkedIn quickly cheered as a “final, decisive victory” that established an “important legal precedent.” While...

Read More
Publication

One Pending Supreme Court Case Could Change the Internet as We Know It: Gonzalez v. Google and Tech Platforms’ Liability

The Supreme Court granted certiorari in Gonzalez v. Google , a high-stakes case appealed from the Ninth Circuit about the scope of protection Section 230 of the Communications Decency Act affords technology companies against...

Read More
Publication

Failures Are Valuable IP: Protect Your Startup’s Negative Trade Secrets

Technology companies and start-ups are familiar with protecting inventions with patents, and protecting their secret formulas, source code, and algorithms as trade secrets. But tech companies may not be aware of another powerful form of...

Read More
Publication

California Extends Presumption of COVID-19 as Workers’ Compensation Injury and Modifies Notice Requirements for Potential Exposure

In addition to AB 152 extending COVID-19 leave through December 31, 2022 , Governor Gavin Newsom has also signed into law two other COVID-related bills—AB 1751 and AB 2693—affecting employers’ policies regarding employees who...

Read More
Publication

Under FTC’s New Proposed Rule, Employers Will No Longer Be Able to Rely on Noncompete Agreements

The Federal Trade Commission (FTC) has proposed a rule that would prohibit the use of noncompete agreements in employment contracts. Noncompete agreements prevent employees and independent contractors from pursuing certain forms of employment &ndash...

Read More
Publication

How To Avoid Allegations of Trade Secret Misappropriation in California

When departing a company, an executive, founder, or employee with access to trade secrets or confidential information may face legal allegations around whether they will use or disclose their former employer’s trade secrets at...

Read More